github.com/nextcloud/univention-app.git
author: blizzz <blizzz@arthur-schiwon.de> 2019-01-03 01:55:15 +0300
committer: GitHub <noreply@github.com> 2019-01-03 01:55:15 +0300
commit: e7728989ad9d5e344f5c5255d99e7caa21cbe942
tree: 17ee47822db8813df3c16a3d364a76574a5f0a75
parent: d8da9c3eb3257dd84524c21f95a97ed3dbf5383f
parent: dbf017f8dc1d1e1914b9584ef34a27f658ba7cd2

Merge pull request #80 from nextcloud/patch-ldap-unmapped-login [14.0.4-0]

apply patch to fix exception on LDAP mapping during login

-rw-r--r-- Dockerfile 10
-rw-r--r-- i18n/de/README_POST_INSTALL_DE 2
-rw-r--r-- i18n/de/README_POST_UPDATE_DE 2
-rw-r--r-- i18n/de/README_UNINSTALL_DE 4
-rw-r--r-- i18n/en/README_POST_INSTALL_EN 2
-rw-r--r-- i18n/en/README_POST_UPDATE_EN 2
-rw-r--r-- i18n/en/README_UNINSTALL_EN 4
-rw-r--r-- resources/13120.patch 234
-rw-r--r-- setup 1
9 files changed, 253 insertions, 8 deletions
diff --git a/Dockerfile b/Dockerfile
index e30e13c..943d76c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -30,7 +30,9 @@ COPY resources/60-nextcloud.ini /etc/php/7.2/apache2/conf.d/
COPY resources/60-nextcloud.ini /etc/php/7.2/cli/conf.d/
COPY resources/000-default.conf /etc/apache2/sites-enabled/
-ENV NC_IS_PATCHED false
+# uncomment and set to true if a patch nededs to be applied
+COPY resources/13120.patch /root/13120.patch
+ENV NC_IS_PATCHED true
RUN /bin/bash -c "export DEBIAN_FRONTEND=noninteractive" && \
echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \
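Review bot: The comment added above the COPY line says to "uncomment and set to true", but the COPY and ENV lines under it are active and nothing in this block is commented out; "nededs" is also a typo for "needs". Suggest rewording it to say that these two lines are enabled while a patch ships, and that NC_IS_PATCHED goes back to false (and the COPY is removed) once the fix is part of the packaged release, since the setup script branches on that variable for its integrity-check handling.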
@@ -88,9 +90,9 @@ RUN cd /var/www/html/apps && \
rm /root/onlyoffice.tar.gz
# uncomment and adjust following block if a patch needs to be applied
-#RUN cd /var/www/html/ && \
-# patch -p1 -t < /root/6502.patch && \
-# rm /root/6502.patch
+RUN cd /var/www/html/ && \
+ patch -p1 -t < /root/13120.patch && \
+ rm /root/13120.patch
EXPOSE 80
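Review bot: The patch call in the RUN block uses -t, which puts patch in batch mode: it answers its own questions, including assuming a patch is reversed if it looks that way, so a mismatch between 13120.patch and the shipped Nextcloud tree is decided without anyone seeing a prompt during the image build. Suggest dropping -t in favour of --forward, or running the same command with --dry-run first, so the build stops when the patch does not apply cleanly as written. The comment "uncomment and adjust following block" also still sits above a block that is now active and should be updated to match.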
diff --git a/i18n/de/README_POST_INSTALL_DE b/i18n/de/README_POST_INSTALL_DE
index 7c4b9da..35d8b56 100644
--- a/i18n/de/README_POST_INSTALL_DE
+++ b/i18n/de/README_POST_INSTALL_DE
@@ -1,4 +1,6 @@
<p>Glückwunsch, die Nextcloud-Instanz wurde erfolgreich installiert!</p>
+<h2>Mailserver Konfiguration</h2>
+<p>Gegenwärtig können die Mailserver-Einstellungen nicht automatisch eruiert werden. Als Administrator kann die Konfiguration in den Admineinstellungen eingetragen werden.</p>
<h2>Hinweise zu Meldungen in der Übersicht der Admineinstellungen</h2>
<p>Im Bereich der <strong>Sicherheits- & Einrichtungswarnungen</strong> werden wahrscheinlich einige Hinweise angezeigt, mit der die Nextcloud-Installation verbessert werden kann. Diese Punkt können nicht im Rahmen der Nextcloud Integration für UCS erfolgen, stattdessen entscheidet der Administrator gegebenenfalls Schritte durchzuführen.
<h3>"Strict-Transport-Security" HTTP header</h3>
diff --git a/i18n/de/README_POST_UPDATE_DE b/i18n/de/README_POST_UPDATE_DE
index 2dbe94a..7b63432 100644
--- a/i18n/de/README_POST_UPDATE_DE
+++ b/i18n/de/README_POST_UPDATE_DE
@@ -12,3 +12,5 @@
<p>Folgender Befehl, auszuführen auf dem Host, fügt die Indizes hinzu:</p>
<p><code>univention-app shell nextcloud sudo -u www-data /var/www/html/occ db:add-missing-indices</code></p>
<p>Es ist nicht notwendig Nextcloud in den Wartungsmodus zu schalten, diese Aktion kann während des Produktivbetriebs durchgeführt werden.</p>
+<h2>Mailserver Konfiguration</h2>
+<p>Sofern die Einstellungen zum Mailserver noch nicht vorgenommen wurden, empfiehlt es sicht diese als Administrator in den Admineinstellungen einzurichten.</p>
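Review bot: Typo in the added paragraph: "empfiehlt es sicht" should read "empfiehlt es sich". The added heading "Mailserver Konfiguration" would normally be written as a single compound, "Mailserver-Konfiguration"; the same heading is added in README_POST_INSTALL_DE.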
diff --git a/i18n/de/README_UNINSTALL_DE b/i18n/de/README_UNINSTALL_DE
index aeb4420..c0f9893 100644
--- a/i18n/de/README_UNINSTALL_DE
+++ b/i18n/de/README_UNINSTALL_DE
@@ -8,8 +8,8 @@ Folgende Artefakte bleiben erhalten:
<h3>Die Datenbank</h3>
<p>Mit folgenden Befehlen kann die Datenbank bereinigt werden</p>
-<p><code>su -c "psql -c \"drop database nextcloud\"" - postgres && \
- su -c "dropuser \"nextcloud\"" - postgres && \
+<p><code>su -c "psql -c \"drop database nextcloud\"" - postgres && \<br/>
+ su -c "dropuser \"nextcloud\"" - postgres && \<br/>
rm /etc/postgresql-nextcloud.secret
</code></p>
<p>Die erste Befehl löscht die Nextcloud Datenbank in Postgres, der zweite Befehl entfernt den Datenbank-Benutzer. Die Dritte tilgt die Passwortdatei.</p>
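Review bot: The added <br/> elements sit inside <code> directly after the trailing backslashes, so whether a copied command keeps a real newline after each "\" depends on how the rendered page is copied. The commands are already chained with &&, which lets the shell continue onto the next line by itself, so the backslashes can be dropped, or the block can be wrapped in <pre> to make the line breaks literal. The bare && in the markup should also be written as &amp;&amp;. The same two lines are changed in README_UNINSTALL_EN.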
diff --git a/i18n/en/README_POST_INSTALL_EN b/i18n/en/README_POST_INSTALL_EN
index d0f2ea3..d9a3767 100644
--- a/i18n/en/README_POST_INSTALL_EN
+++ b/i18n/en/README_POST_INSTALL_EN
@@ -1,4 +1,6 @@
<p>Congratulations, your Nextcloud instance was installed successfully!</p>
+<h2>Mail server configuration</h2>
+<p>Currently, it is not possible to automatically detect the mail server settings. Please log in as Administrator and configure in the admin settings.</p>
<h2>Notes on messages shown in the admin settings overview</h2>
<p>In the <strong>Security & setup warnings</strong> section it is likely that some messages are shown, on how to improve the setup. The items mentioned cannot be done by the Nextcloud integration for UCS, instead the admin needs to decide whether actions should be taken.</p>
<h3>"Strict-Transport-Security" HTTP header</h3>
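Review bot: In the added paragraph, "configure in the admin settings" has no object; suggest "configure them in the admin settings". README_POST_UPDATE_EN words the same step as "set it up as Administrator in the admin settings", so the two texts could share one phrasing.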
diff --git a/i18n/en/README_POST_UPDATE_EN b/i18n/en/README_POST_UPDATE_EN
index f74c51d..d26a6e2 100644
--- a/i18n/en/README_POST_UPDATE_EN
+++ b/i18n/en/README_POST_UPDATE_EN
@@ -12,3 +12,5 @@
<p>To add the indices run the following command from your host:</p>
<p><code>univention-app shell nextcloud sudo -u www-data /var/www/html/occ db:add-missing-indices</code></p>
<p>It is not necessary to put Nextcloud into maintenance mode, this action can run during production.</p>
+<h2>Mail server configuration</h2>
+<p>If the mail server configuration was not done by hand, it is recommended to set it up as Administrator in the admin settings.</p>
diff --git a/i18n/en/README_UNINSTALL_EN b/i18n/en/README_UNINSTALL_EN
index b1e42f7..0fa2026 100644
--- a/i18n/en/README_UNINSTALL_EN
+++ b/i18n/en/README_UNINSTALL_EN
@@ -8,8 +8,8 @@ Following artifacts are left:
<h3>The database</h3>
<p>In order to clean up the database, on the host execute:</p>
-<p><code>su -c "psql -c \"drop database nextcloud\"" - postgres && \
- su -c "dropuser \"nextcloud\"" - postgres && \
+<p><code>su -c "psql -c \"drop database nextcloud\"" - postgres && \<br/>
+ su -c "dropuser \"nextcloud\"" - postgres && \<br/>
rm /etc/postgresql-nextcloud.secret
</code></p>
<p>The first command drops the Nextcloud database in Postgres, the second one deletes the database user. The third deletes the password file.</p>
diff --git a/resources/13120.patch b/resources/13120.patch
new file mode 100644
index 0000000..adb02a2
--- /dev/null
+++ b/resources/13120.patch
@@ -0,0 +1,234 @@
+From aff41210ad42ade669c110b6a683eafd66764e8d Mon Sep 17 00:00:00 2001
+From: Arthur Schiwon <blizzz@arthur-schiwon.de>
+Date: Tue, 27 Nov 2018 17:06:48 +0100
+Subject: [PATCH 1/4] cache users as existing after mapping
+
+during login they might be cached as non-existing and cause an Exception
+in the long run
+
+reduces some duplication, too
+
+Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
+---
+ apps/user_ldap/lib/Access.php | 44 ++++++++++++++++++++++++-----------
+ 1 file changed, 30 insertions(+), 14 deletions(-)
+
+diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php
+index 48914e64288..66d302460a3 100644
+--- a/apps/user_ldap/lib/Access.php
++++ b/apps/user_ldap/lib/Access.php
+@@ -610,26 +610,25 @@ public function dn2ocname($fdn, $ldapName = null, $isUser = true, &$newlyMapped
+ // outside of core user management will still cache the user as non-existing.
+ $originalTTL = $this->connection->ldapCacheTTL;
+ $this->connection->setConfiguration(['ldapCacheTTL' => 0]);
+- if(($isUser && $intName !== '' && !$this->ncUserManager->userExists($intName))
+- || (!$isUser && !\OC::$server->getGroupManager()->groupExists($intName))) {
+- if($mapper->map($fdn, $intName, $uuid)) {
+- $this->connection->setConfiguration(['ldapCacheTTL' => $originalTTL]);
+- if($this->ncUserManager instanceof PublicEmitter && $isUser) {
+- $this->ncUserManager->emit('\OC\User', 'assignedUserId', [$intName]);
+- }
+- $newlyMapped = true;
++ if( $intName !== ''
++ && (($isUser && !$this->ncUserManager->userExists($intName))
++ || (!$isUser && !\OC::$server->getGroupManager()->groupExists($intName))
++ )
++ ) {
++ $this->connection->setConfiguration(['ldapCacheTTL' => $originalTTL]);
++ $newlyMapped = $this->mapAndAnnounceIfApplicable($mapper, $fdn, $intName, $uuid, $isUser);
++ if($newlyMapped) {
+ return $intName;
+ }
+ }
+- $this->connection->setConfiguration(['ldapCacheTTL' => $originalTTL]);
+
++ $this->connection->setConfiguration(['ldapCacheTTL' => $originalTTL]);
+ $altName = $this->createAltInternalOwnCloudName($intName, $isUser);
+- if (is_string($altName) && $mapper->map($fdn, $altName, $uuid)) {
+- if ($this->ncUserManager instanceof PublicEmitter && $isUser) {
+- $this->ncUserManager->emit('\OC\User', 'assignedUserId', [$altName]);
++ if (is_string($altName)) {
++ if($this->mapAndAnnounceIfApplicable($mapper, $fdn, $altName, $uuid, $isUser)) {
++ $newlyMapped = true;
++ return $altName;
+ }
+- $newlyMapped = true;
+- return $altName;
+ }
+
+ //if everything else did not help..
+@@ -637,6 +636,23 @@ public function dn2ocname($fdn, $ldapName = null, $isUser = true, &$newlyMapped
+ return false;
+ }
+
++ protected function mapAndAnnounceIfApplicable(
++ AbstractMapping $mapper,
++ string $fdn,
++ string $name,
++ string $uuid,
++ bool $isUser
++ ) :bool {
++ if($mapper->map($fdn, $name, $uuid)) {
++ if ($this->ncUserManager instanceof PublicEmitter && $isUser) {
++ $this->cacheUserExists($name);
++ $this->ncUserManager->emit('\OC\User', 'assignedUserId', [$name]);
++ }
++ return true;
++ }
++ return false;
++ }
++
+ /**
+ * gives back the user names as they are used ownClod internally
+ * @param array $ldapUsers as returned by fetchList()
+
+From a76695962b02aee8db5c81dda6c87ea874268811 Mon Sep 17 00:00:00 2001
+From: Arthur Schiwon <blizzz@arthur-schiwon.de>
+Date: Tue, 27 Nov 2018 17:09:55 +0100
+Subject: [PATCH 2/4] =?UTF-8?q?be=20careful=20with=20mixed=20return=20valu?=
+ =?UTF-8?q?es=20even=20if=20it=20may=20look=20unsuspicious=E2=80=A6?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
+---
+ apps/dav/lib/CardDAV/SyncService.php | 2 +-
+ apps/dav/lib/HookManager.php | 4 +++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/apps/dav/lib/CardDAV/SyncService.php b/apps/dav/lib/CardDAV/SyncService.php
+index 5bd92015ad7..6f6fa0ba379 100644
+--- a/apps/dav/lib/CardDAV/SyncService.php
++++ b/apps/dav/lib/CardDAV/SyncService.php
+@@ -261,7 +261,7 @@ private function parseMultiStatus($body) {
+ /**
+ * @param IUser $user
+ */
+- public function updateUser($user) {
++ public function updateUser(IUser $user) {
+ $systemAddressBook = $this->getLocalSystemAddressBook();
+ $addressBookId = $systemAddressBook['id'];
+ $converter = new Converter($this->accountManager);
+diff --git a/apps/dav/lib/HookManager.php b/apps/dav/lib/HookManager.php
+index b1bd039c65e..27b6525be47 100644
+--- a/apps/dav/lib/HookManager.php
++++ b/apps/dav/lib/HookManager.php
+@@ -101,7 +101,9 @@ public function setup() {
+
+ public function postCreateUser($params) {
+ $user = $this->userManager->get($params['uid']);
+- $this->syncService->updateUser($user);
++ if ($user instanceof IUser) {
++ $this->syncService->updateUser($user);
++ }
+ }
+
+ public function preDeleteUser($params) {
+
+From 4d6cfe12dd215f7c3313734d507414e5b1725990 Mon Sep 17 00:00:00 2001
+From: Arthur Schiwon <blizzz@arthur-schiwon.de>
+Date: Mon, 17 Dec 2018 00:31:27 +0100
+Subject: [PATCH 4/4] LDAP clear cache on config modification also when done
+ via API or CLI
+
+Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
+---
+ apps/user_ldap/lib/AppInfo/Application.php | 6 ++++++
+ apps/user_ldap/lib/Command/SetConfig.php | 5 +++++
+ apps/user_ldap/lib/Controller/ConfigAPIController.php | 9 ++++++++-
+ 3 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/apps/user_ldap/lib/AppInfo/Application.php b/apps/user_ldap/lib/AppInfo/Application.php
+index 6d5c416f04f..59d7cdb4924 100644
+--- a/apps/user_ldap/lib/AppInfo/Application.php
++++ b/apps/user_ldap/lib/AppInfo/Application.php
+@@ -24,6 +24,8 @@
+ namespace OCA\User_LDAP\AppInfo;
+
+ use OCA\User_LDAP\Controller\RenewPasswordController;
++use OCA\User_LDAP\ILDAPWrapper;
++use OCA\User_LDAP\LDAP;
+ use OCP\AppFramework\App;
+ use OCP\AppFramework\IAppContainer;
+ use OCP\IL10N;
+@@ -50,5 +52,9 @@ public function __construct () {
+ $server->getURLGenerator()
+ );
+ });
++
++ $container->registerService(ILDAPWrapper::class, function () {
++ return new LDAP();
++ });
+ }
+ }
+diff --git a/apps/user_ldap/lib/Command/SetConfig.php b/apps/user_ldap/lib/Command/SetConfig.php
+index db656558efc..cf73874ade8 100644
+--- a/apps/user_ldap/lib/Command/SetConfig.php
++++ b/apps/user_ldap/lib/Command/SetConfig.php
+@@ -26,6 +26,8 @@
+
+ namespace OCA\User_LDAP\Command;
+
++use OCA\User_LDAP\ConnectionFactory;
++use OCA\User_LDAP\LDAP;
+ use Symfony\Component\Console\Command\Command;
+ use Symfony\Component\Console\Input\InputArgument;
+ use Symfony\Component\Console\Input\InputInterface;
+@@ -83,5 +85,8 @@ protected function setValue($configID, $key, $value) {
+ $configHolder = new Configuration($configID);
+ $configHolder->$key = $value;
+ $configHolder->saveConfiguration();
++
++ $connectionFactory = new ConnectionFactory(new LDAP());
++ $connectionFactory->get($configID)->clearCache();
+ }
+ }
+diff --git a/apps/user_ldap/lib/Controller/ConfigAPIController.php b/apps/user_ldap/lib/Controller/ConfigAPIController.php
+index e000bd4e709..d5b33e41044 100644
+--- a/apps/user_ldap/lib/Controller/ConfigAPIController.php
++++ b/apps/user_ldap/lib/Controller/ConfigAPIController.php
+@@ -27,6 +27,7 @@
+ use OC\Core\Controller\OCSController;
+ use OC\Security\IdentityProof\Manager;
+ use OCA\User_LDAP\Configuration;
++use OCA\User_LDAP\ConnectionFactory;
+ use OCA\User_LDAP\Helper;
+ use OCP\AppFramework\Http\DataResponse;
+ use OCP\AppFramework\OCS\OCSBadRequestException;
+@@ -45,6 +46,9 @@ class ConfigAPIController extends OCSController {
+ /** @var ILogger */
+ private $logger;
+
++ /** @var ConnectionFactory */
++ private $connectionFactory;
++
+ public function __construct(
+ $appName,
+ IRequest $request,
+@@ -53,7 +57,8 @@ public function __construct(
+ IUserManager $userManager,
+ Manager $keyManager,
+ Helper $ldapHelper,
+- ILogger $logger
++ ILogger $logger,
++ ConnectionFactory $connectionFactory
+ ) {
+ parent::__construct(
+ $appName,
+@@ -67,6 +72,7 @@ public function __construct(
+
+ $this->ldapHelper = $ldapHelper;
+ $this->logger = $logger;
++ $this->connectionFactory = $connectionFactory;
+ }
+
+ /**
+@@ -198,6 +204,7 @@ public function modify($configID, $configData) {
+ }
+
+ $configuration->saveConfiguration();
++ $this->connectionFactory->get($configID)->clearCache();
+ } catch(OCSException $e) {
+ throw $e;
+ } catch (\Exception $e) {
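Review bot: The vendored series is incomplete as committed: the embedded mails are numbered [PATCH 1/4], [PATCH 2/4] and [PATCH 4/4], and no 3/4 is present in resources/13120.patch. Please state in the commit message, or in a comment next to the COPY line in the Dockerfile, whether 3/4 was left out on purpose and where the series comes from, so the file can be removed once the fix is in the shipped release. Within patch 1/4, mapAndAnnounceIfApplicable() calls cacheUserExists($name) only inside the "instanceof PublicEmitter && $isUser" branch, which ties the cache fix to the emitter check; testing $isUser alone for the cache call would separate the two. In patch 2/4, postCreateUser() now returns without any trace when userManager->get() does not yield an IUser; a log entry in that case would make the condition visible.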
diff --git a/setup b/setup
index a5515f4..3bac688 100644
--- a/setup
+++ b/setup
@@ -144,6 +144,7 @@ if [ "$NC_IS_PATCHED" = true ]; then
$OCC config:system:set integrity.check.disabled --value="true" --type=boolean
# (un)comment and adjust following line depending on the use case,
# otherwise a warning is shown, still
+ $OCC integrity:check-app dav
$OCC integrity:check-app user_ldap
# integrity checks are done once on upgrade case, thus we can directly remove the flag again
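Review bot: The check-app lines are maintained by hand and have to match the apps that resources/13120.patch modifies (apps/dav and apps/user_ldap in this commit); the added dav line is right for this patch, but nothing links the two places. Suggest a comment here naming the patch file, or deriving the app names from the paths in the patch. Since integrity.check.disabled is set to true just above, these calls run with verification switched off; the comment should say that this is intended to clear the warning for the patched apps and that the flag is removed again right after.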